re ISSUE-31 (metadata in URI), sub-issue secrets-in-URIs
http://www.schneier.com/blog/archives/2010/05/detecting_brows.html
"All major browsers allow their users' history to be detected"
Note
(a) this confirms the claim made in TAG discussion that URIs that one
navigates to are sometimes not well protected
(b) it is taken for granted that this is a bug (privacy breach) that
needs to be fixed, and that can be (i.e. the FF developers think that
protecting URIs is "best practice")
If I understand correctly the attack only applies to guessable URIs.
Jonathan